Re: dhcp and masquerade

To: Charles Lewis <lewisc@delta.swau.edu>, debian-user@lists.debian.org
Subject: Re: dhcp and masquerade
From: Johan Ehnberg <johan@ehnberg.net>
Date: Fri, 09 Aug 2002 11:29:13 +0300
Message-id: <[🔎] 3D537D59.1030508@ehnberg.net>
References: <[🔎] 004001c23f5d$d72575a0$0207a8c0@find.swau.edu>

You'll have to be a bit more specific with what you want to do, ie. "usemy linux box as MASQ router, routing internal traffic from eth1 out toppp0".

I will assume this, and "run a dhcp server on my eth1".

Charles Lewis wrote:

I've got masquerade working on my home network (my linux box is running
2.4.17 currently), but I'm not sure how to configure dhcp. Here is my
/etc/network/interfaces (I have an eth0 also that I was using when I used to
be on a LAN, but it is now commented out, and not being used for anything,
since my internet feed is now coming through ppp0):

auto lo
iface lo inet loopback

auto eth1
iface eth1 inet static
       address 192.168.7.1
       netmask 255.255.255.0
       up echo "1" >/proc/sys/net/ipv4/ip_forward
       up /sbin/iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -o ppp0 -j
MASQUERADE
       down echo "0" >/proc/sys/net/ipv4/ip_forward
       down /sbin/iptables -t nat -F

Consider using stronger firewalling... it's well worth it.


I assume that I would change 'static' to 'dhcp' above and leave the address
line out? However, the default dhcpd.conf has references to DNS that I don't
know what to do with. Here it is (with comments removed):

No. You have to understand the difference between dhcp server andclient. /etc/network/interfaces specifies how the interfaces get theiraddresses. If you want your linux box to deal out addresses, you shouldgive a static address to it. This is done in the interfaces file.dhcpd.conf is the config file for the dhcp server. Client stuff is in/etc/dhclient.conf. This doesn't usually need to be changed. I'll helpyou on the way with configuring;


option domain-name "fugue.com";

This line is optional; use it if you run DNS services on your internalnetwork. You'll need the bind packages for this to be of any use. Notethat without DNS, you can only access computers on your internal networkby their IP. You can leave this line specified as: "";


option domain-name-servers toccata.fugue.com;

If you don't plan to run your own DNS services, the easiest way toconigure this line is to add the IP of your ISP DNS server. Severalservers separated by a comma (,).


option subnet-mask 255.255.255.224;

Specify the netmask. If this is already OK then leave it. If you don'tknow what to use, than specify 255.255.255.0. In this case internaladdresses can be between 192.168.7.0 and 192.168.7.255 (don't use 0 and255). Note that it should be the same as eth1 in your interfaces file.Using .255 is the easiest way.


default-lease-time 600;
max-lease-time 7200;

Dhcp address renewal time and maximum requestable time. Leave these ifthey don't cause problems. They shouldn't.


The DHCP mini-howto had the following example:

option broadcast-address 192.168.1.255;

This is in your case the last address of your internal network. withnetmask 255.255.255.0 it is .255,


option routers 192.168.1.254;

The IP of your gateway (eth1). Use 192.168.7.1.


option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.org";

The following part specifies which addresses to lease.

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;

You need on of these lines. Don't lease any staticly specifiedaddresses, like your eth1.


  range 192.168.1.150 192.168.1.200;
}

If you want an internal machine always to have the same address, add anentry like:


host nameofmachine {
       hardware ethernet MAC;
       fixed-address IP;
}

For example the machine "linuxbox" with MAC address "00:50:11:AA:DD:CC"and wanted IP "192.168.7.2" looks like:


host linuxbox {
       hardware ethernet    00:50:11:AA:DD:CC;
       fixed-address    192.168.7.2;
}

Remember to have this entry BEFORE the closing bracket (}) for subnet.Thus you'll have two of them (}}) after your last "fixed-address" line.



I'm not sure what to put for "domain-name" or "domain-name-server", since
I'm just running a little home network. Also, do I need the
"broadcast-address" and "routers" entries that the how-to suggests? What
about "subnet-mask",etc. I just want to be able to plug into my network with
any pc and have an ip assigned. (Of course, the server itself gets its ip
dynamically assigned by the ISP)

You need all of them but "domain-name", as explained earlier.

To start the dhcp server run "dhcpd eth1". For testing, using the -foption will run dhcpd in the foreground and display what it does.To automatically start the dhcp server edit /etc/init.d/dhcp and set"run_dhcpd" to 1.Then add the interface name eth1 after the dhcp command in the start andrestart sections in the same file.

You should be all set up.


Charles Lewis
lewisc@delta.swau.edu

Reply to:

References:
- dhcp and masquerade
  - From: "Charles Lewis" <lewisc@delta.swau.edu>

Prev by Date: unsubscribe mboy@monkey-boy.net
Next by Date: Re: dhcp and masquerade
Previous by thread: dhcp and masquerade
Next by thread: Re: dhcp and masquerade
Index(es):
- Date
- Thread